1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Microsoft Forefront UAG vulnerabilities could allow remote code execution

Report ID: MS201110005
Date Published: 12 October 2011

Criticality: Important
Compromise Type: cross-site-scripting denial-of-service remote-code-execution
Compromise From: remote

Affected Product/Component:

Microsoft Forefront Unified Access Gateway 2011


Five vulnerabilities identified in Microsoft Forefront Unified Access Gateway (UAG) could lead to cross-site scripting, denial of service and remote code execution attacks.

Detailed Description

Microsoft has issued a security update for Microsoft Forefront Unified Access Gateway (UAG) to address five reported vulnerabilities.

  • ExcelTable response splitting XSS vulnerability (CVE-2011-1895)
    ExcelTable reflected XSS vulnerability (CVE-2011-1896)
    Default reflected XSS vulnerability (CVE-2011-1897)

    When UAG fails to properly handle script in a specially crafted request, JavaScript can be injected back to the user, allowing attacker-controlled JavaScript to run in the context of the user clinking on the link. This vulnerability could lead to information disclosure and privilege escalation.

  • Poisoned cup of code execution vulnerability (CVE-2011-1969)
    When a vulnerable Java applet is installed on a browser by the UAG server, it could be used to execute arbitrary code on any Java-enabled web browser. 

  • Null session cookie crash (CVE-2011-2012)
    A flaw in the implementations of UAG that lead to improper validation of a NULL value within the session cookie could be used by an attacker to crash the web server on the affected UAG machine.


These vulnerabilities has been patched in the update through modification in the way UAG handles specially crafted requests, modification on the MicrosoftClient.JAR file, and addition of exception handling around the null value of the UAG Web server. Users are recommended to install the latest patch to protect from potential exploit.

CVE Reference

CVE-2011-1895, CVE-2011-1896, CVE-2011-1897, CVE-2011-1969, CVE-2011-2012


Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms11-079)


CVE-2011-1895, CVE-2011-1896, CVE-2011-1897, CVE-2011-1969, CVE-2011-2012

Online Virus Scanner

Run a quick online virus scan of your computer.